i am trying to get kerberos id <--> ldap object mapping down for dovecot,
and seem to have hit a wall.
i have the kerberos service principal created and a keytab populated. i
can successfully kinit using the keytab and get a TGT for the
imap/test.bpk2.com@BPK2.COM id. when i run ldapwhoami i get:
SASL/GSSAPI authentication started
SASL username: imap/test.bpk2.com@BPK2.COM
SASL SSF: 56
SASL data security layer installed.
dn:uid=imap/test.bpk2.com,ou=domainusers,ou=users,dc=bpk2,dc=com

What do the OpenLDAP logs show the binding ID to be?
--Quanah
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration